#!/bin/bash

CLUSTERNAME=$(params.cluster-name)
SECRET_NAME="worker-user-data-managed"
WORKER_IGNITION_FILE="/tmp/worker.ign"
IGNITION_CERT_SECRET_NAME="ignition-cert"

# Step 1: Generate the spoke cluster kubeconfig
oc get secret "${CLUSTERNAME}-admin-kubeconfig" -n "${CLUSTERNAME}" -o jsonpath='{.data.kubeconfig}' | base64 --decode > /tmp/kubeconfig

# Extracting the source URL from the secret without jq
worker_url=$(oc extract --kubeconfig /tmp/kubeconfig -n openshift-machine-api secret/${SECRET_NAME} --keys=userData --to=- | grep 'merge' | sed -n 's/.*"source": "\([^"]*\)".*/\1/p')

echo "Worker URL: $worker_url"

# Extract and decode the base64 encoded data without jq
oc extract --kubeconfig /tmp/kubeconfig -n openshift-machine-api secret/${SECRET_NAME} --keys=userData --to=- | grep 'certificateAuthorities' -A 1 | grep 'source' | sed -n 's/.*"source": "\([^"]*\)".*/\1/p' | base64 -d > "$WORKER_IGNITION_FILE"

# Step 2: On ACM Hub, create the ignition-cert secret
echo "Creating ignition-cert secret on ACM Hub"
oc create secret generic "$IGNITION_CERT_SECRET_NAME" --from-file=tls.crt="$WORKER_IGNITION_FILE" -n "$CLUSTERNAME"

# Step 3: Patch the cluster agent
echo "Patching cluster agent"
oc patch agentclusterinstall "$CLUSTERNAME" -n "$CLUSTERNAME" --type=merge -p \
    '{"spec":{"ignitionConfigOverrides":{"caCertificateReference":{"name":"'"$IGNITION_CERT_SECRET_NAME"'","namespace":"'"$CLUSTERNAME"'"}}}}'

echo "Task completed successfully."
